JP2001312468A - Network connection control method and connection control system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a network connection control method which can minimize the cost for providing service through the Internet. SOLUTION: User authentication information sent from a user terminal 5 to an NAS(network access server) 6 that a provider operates together with a request to connect to the Internet is transferred to an authentication server 7 that the provider operates. When the user authentication information meets specific conditions, the user authentication information is transferred to an authentication server 10 that a service provider different from the mentioned provider operates, user authentication is carried out by referring to a database 15 made to correspond to the authentication server 10, and the user authentication result is sent back to the authentication server 7. The authentication server 7 informs the NAS 6 of the authentication result from the authentication server 10. According to the reported result of the user authentication, the NAS 6 controls whether or not the user terminal 5 can be connected to the Internet 1.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a connection control method and a connection control system for the Internet.

[0002]

2. Description of the Related Art In recent years, a quotient form in which various services are provided using a computer network has attracted attention. In particular, with the development of the Internet, even services that are not familiar with computer networks and are targeted at the personal consumer class are now being provided through networks, and this type of commercial form seems to have become a common sense.

[0003] When the Internet is used by individual users, most of them use their dial-up IP connection services provided by commercial providers to connect their terminals to the Internet. In this case, the user had to contract with the provider for Internet connection.

On the other hand, the provision of services using the Internet has a problem of charging. As a solution, a provider that provides a paid service notifies a user who desires the service of an account code such as a member number, and restricts the users who use the service based on the account code as well as restricting each user. In some cases, the usage status is grasped and a usage fee is charged.

[0005]

In the above situation, in order for a user who does not have an environment to connect to the Internet to use a service of a specific business operator, a contract with a provider and a service on the network are required. It is necessary to conclude two contracts with the provider at the same time, and the user feels troublesome. For an individual user who does not have sufficient knowledge of the Internet, the meaning of the provider is difficult to understand, and it is often impossible to determine which provider to select. If the Internet connection service and the use of the service on the network are separately charged and charged separately, individual users who do not have knowledge of the network may be further confused. .

[0006] On the other hand, if a business operator who intends to provide some service on the Internet also prepares a connection service to the Internet at the same time, it is necessary to provide access points in various places, resulting in a large capital investment. . Therefore, it is inevitable to use the facilities of the existing provider to realize connection to the Internet.

Therefore, the present invention makes it easy for a user who does not have knowledge of the Internet to understand, and can effectively use existing network connection services to minimize the cost of providing services through the Internet. It is an object to provide a simple network connection control method and a connection control system.

[0008]

Hereinafter, the present invention will be described. In addition, in order to facilitate understanding of the present invention, reference numerals in the accompanying drawings are added in parentheses, but the present invention is not limited to the illustrated embodiment.

A network connection control method according to the present invention provides a method for connecting a user terminal (5) to the Internet with respect to a network access server (6) operated by a first business operator providing a connection service to the Internet (1). The user authentication information sent together with the request is transferred from the network access server to the first authentication server (7) operated by the first business entity in association with the network access server, and the user authentication information is transmitted under a predetermined condition. When the condition is satisfied, the user authentication information is transmitted from the first authentication server to the second authentication server (10) operated by a second business operator different from the first business operator via the Internet. Further, the second authentication server is transferred with reference to a database (15) associated with the second authentication server. Performs the user authentication, returns the user authentication result to the first authentication server, and the first authentication server notifies the network access server of the authentication result from the second authentication server, and the notification The network access server controls whether the user terminal can connect to the Internet based on the result of the user authentication performed.

According to the present invention, when the authentication information of the user making a connection request to the network access server operated by the first business operator satisfies a predetermined condition,
Instead of the first authentication server, a second authentication server operated by a second operator performs user authentication, and if the user is authenticated there as a legitimate user, the network access server of the first operator can execute the user authentication. Allow to connect to the Internet for. For this reason, it is possible to use various facilities for connection to the Internet prepared by the first business operator for a user who has contracted with the second business operator to realize connection to the Internet. Which user is permitted to connect to the Internet can be freely determined between the first and second operators, and appropriate user authentication information is determined based on the details of the agreement. Can be used by the user, so that the user can connect to the Internet without being aware of the first business operator. The second business operator does not need to prepare facilities for providing a connection service to the Internet, so that it is possible to reduce capital investment and concentrate on expanding services provided to users through the Internet. For the first operator,
Since the user acquired by the second business operator uses his / her own Internet connection service, the operating expenses for acquiring the user can be reduced, and accordingly, even if the price for the connection service is reduced, sufficient profit can be obtained. Can be raised.

[0011] In the connection control method of the present invention, the user authentication information includes an account code for specifying a user, and the first authentication server transmits the account code when the account code includes a predetermined code. The user authentication information may be sent to a second authentication server.

A server (for example, 1) for providing the predetermined service on the Internet by the second operator.
1, 12), and the account code including the predetermined code may be set as an account code for using the predetermined service provided on the Internet by the second business operator. With this configuration, the use of the service connected to the Internet and the use of the service provided by the second company through the Internet can be managed by the integrated account code, and a service that is more easily understood by the user can be provided.

[0013] A lobby server (11) for providing a plurality of users with a place to search for a negotiation partner through the Internet is included as a server for the second operator to provide a predetermined service on the Internet. It may be.

[0014] In the connection control method of the present invention, there is provided a server (for example, 11 or 12) for providing the predetermined service on the Internet by the second operator,
The first detecting means operated by the first business operator detects the result of the user connecting to the Internet via the network access server (6) and is operated by the second business operator. The second detecting means (14) detects a record of the user using the service provided by the server of the second business, and the billing information generating means (14) operated by the second business. ), The usage fee to be charged to the user may be determined based on the detection results of the first and second detection means.

[0015] According to this configuration, the price of the user using the Internet connection service provided by the first business operator and the usage fee of the service provided by the user second business operator are determined by the second business. Can collectively make a request. In other words, the second business will charge the user for the first business on behalf of the first business. Therefore, the user is not individually charged for the usage fee from each business, and confusion of the user can be avoided.

In the process of determining the usage fee,
When a predetermined discount condition is satisfied, a use price actually charged to the user may be discounted from a use price when it is assumed that the discount condition is not satisfied. In other words, when the second provider acts on behalf of the second provider to collect the usage fee for the Internet connection service provided by the first provider, the first provider transfers the usage fee from the second provider. Since it is not necessary to know what kind of billing is made to the user if the collection is possible, the second company can freely set the contents of the billing to the user irrespective of the fee system of the first company. This makes it possible to set a fee structure that is attractive to the user when using the service of the second business operator.

The term "discount" as used herein is a concept that includes free use without requesting a usage fee. The predetermined discount condition may be associated with use of the user for a service provided by the second business entity via the server. For example, when the service provider sells a product or provides a paid service as a service via the server, when the purchase price of the product or the usage fee of the service exceeds a predetermined amount. May be determined that the predetermined discount condition is satisfied. The service provider, as a service via the server,
When providing a paid game and issuing points to the user according to the play situation of the game, it is possible to determine whether the predetermined discount condition is satisfied based on the points. Good.

The network connection control system according to the present invention further comprises a network access server (6) operated by a first business operator providing a connection service to the Internet (1), and the network access server being associated with the network access server. A first authentication server (7) operated by a first operator and a second operator different from the first operator are connected to the first authentication server via the Internet. A second authentication server (10), wherein user authentication information sent from the user terminal (5) to the network access server together with a request for connection to the Internet is sent from the network access server to the first authentication server. When the user authentication information satisfies a predetermined condition, the first authentication server sends the user authentication information to the Internet. Further transferring the user authentication information to the second authentication server via the second authentication server, executing the user authentication by the second authentication server with reference to the database associated with the second authentication server, the user Returning an authentication result to the first authentication server,
The authentication server notifies the network access server of an authentication result from the second authentication server, and the network access server determines whether the user terminal can connect to the Internet based on the notified user authentication result. To control.

According to this connection control system, the same operation and effect as those of the above-described connection control method can be obtained.

The connection control system of the present invention may include various additional modes as in the above-described connection control method.

For example, the user authentication information includes an account code for specifying a user, and the first authentication server sends the account code to the second authentication server when the account code includes a predetermined code. The user authentication information may be transmitted.

A server (for example, 1) for providing the predetermined service on the Internet by the second operator.
1, 12), and the account code including the predetermined code may be set as an account code for using the predetermined service provided on the Internet by the second business operator.

A lobby server (11) for providing a plurality of users with a place to search for a negotiation partner through the Internet is provided as a server for the second operator to provide a predetermined service on the Internet. It may be.

A server (for example, 1) for providing the predetermined service on the Internet by the second operator.
(1), (12), first detecting means operated by the first business operator, and detecting the performance of the user connecting to the Internet via the network access server (6); and the second business Detecting means (1) that is operated by a user and detects a record of the user using the service provided by the server of the second business operator.
4) and operated by the second operator, and the first
And a billing information generating means (1) for determining a usage charge to be charged to the user based on a detection result of the second detecting means.
4).

[0025] The billing information generating means may, when a predetermined discount condition is satisfied, discount a use price actually charged to the user from a use price when it is assumed that the discount condition is not satisfied.

[0026] The predetermined discount condition may be associated with use of the user for a service provided by the second business operator through the server. For example, in a case where the service provider sells a product or provides a paid service as a service via the server, the billing information generating means may include a purchase price for the product or a usage fee for the service. May exceed the predetermined amount, it may be determined that the predetermined discount condition is satisfied.

[0027] The service provider provides a paid game as a service via the server,
In a case where points according to a play situation for the game have been issued to the user, the billing information generating unit may determine whether or not the predetermined discount condition is satisfied based on the points. .

[0028]

FIG. 1 shows the configuration of a network system to which the present invention is applied. This system is
It has the Internet 1 and a plurality of networks 2 and 3 connected thereto. The networks 2 and 3 are operated by different business entities. Network 2
Is a network (ISP network) operated by a provider that provides a connection service to the Internet 1,
The network 3 is a network operated by a service provider who intends to provide a specific service through the Internet 1. A network of countless providers is connected to the Internet 1, and the providers shown here are operators who have signed a contract for an authentication service for realizing the system of the present invention with a service provider. is there. In the following description, such a provider may be referred to as a specific provider. Although there may be a plurality of specific providers, FIG. 1 shows only the network of one specific provider.

A network 2 of a specific provider has a network access server (NAS) 6 for connecting the user terminals 5... 5 to the network 2 via a public line network 4 such as a telephone line or an ISDN line. Radius (RemoteAuthentication Dial In U
ser Service) Various servers such as a server 7 are connected.
The NAS 6 is installed at an access point set in each area within a business area (service providing area) of a specific provider, and supports a protocol for dial-up IP connection such as PPP or SLIP. The NAS 6 may be called a terminal server. Radius
The server 7 is provided for performing unified user authentication with respect to a plurality of NASs 6, and conforms to RFCs (Request for Comments) 2138 and 2139 known as documents collecting standards and information necessary for the Internet. The detailed specifications have been published.

A user who has contracted with a provider that operates the network 2 is given an account code (for example, U1234) that can be used in the network 2 and a password that is paired with the account code. In some cases, a user can select an account code within a range that does not overlap with other users. The password can be set by the user. The network 2 is connected to a database server that stores the account code and password of the user who has contracted with the provider in association with each other. Ra
The ius server 7 performs user authentication using an account code and a password in response to a request from the NAS 6, and the procedure will be described later.

On the other hand, to the network 3 operated by the service provider, a Radius server 10 for authenticating a user who has contracted with the service provider is connected, and a predetermined service is provided to a user accessing from the Internet 1. Lobby server 1 to provide
1, WWW servers 12 and 13, customer management server 14,
The customer database server 15 and the like are connected. An account code (for example, XYZ@abcd.net) and a password paired with the account code are given to a user who has contracted with the service provider. All account codes given to users by service providers include common features that can be distinguished from account codes given to users by specific providers. In the illustrated example, the portion of “@ abcd.net” is added to the end of the account codes of all users who have contracted with the service provider. In the following description, this part is called a common code. An account code other than the common code may be set by the user within a range that does not overlap with other users. The password may be freely set by the user.

[0032] The customer database server 15 stores a database in which account codes and passwords of users who have contracted with the service provider are associated with each other. The database may include the user's address, telephone number, credit card number, and other user-specific information. R
The adius server 10 is a customer database server 15
Is used to perform user authentication in cooperation with the Radius server 7 of the network 2, the procedure of which will be described later.

The customer management server 14 is for managing the history of the use of the service on the network 3 by the user who has contracted with the service provider. For example, a user's monthly usage time of a service on the network 3, a history of downloading files on the network 3, or information for specifying a user's service usage fee and the like is associated with an account code of each user and is associated with the customer. Recorded in the management server 14.

To prevent unauthorized access to the customer management server 14 and the customer database server 15 from outside the network 3, a firewall 16 is installed at an appropriate position in the network 3. Then, as viewed from the Internet 1, the customer management server 14 and the customer database server 15 are installed behind a firewall 16.

The lobby server 11 provides a common space for a plurality of users accessing from the Internet 1. For example, a space for finding an opponent of a chat or a network battle game is constructed on the lobby server 11. Access to the lobby server 11
It is also possible to limit to users registered in advance. In this case, the lobby server 11 can execute a predetermined authentication procedure for a user who accesses the lobby server 11. For this authentication, the customer database server 15 used by the Radius server 10 for user authentication can be used.
Thus, the Radius server 10 and the lobby server 11
If a common customer database server 15 is used,
Through the firewall 16 and the database server 15
The route to access is shared. Therefore, Rad
As compared with the case where separate database servers are provided for the ius server 10 and the lobby server 11, respectively, the possibility of occurrence of a so-called security hole is reduced and the security is increased. In addition, the use of a common database reduces the maintenance effort.

Although the network 3 in FIG. 1 does not have an access unit using a public line network 4 or the like from a user, an access unit similar to the NAS 6 of the network 2 may be provided in the network 3.

FIG. 2 is a flowchart showing the procedure of user authentication using the Radius servers 7 and 10. In the system of the present invention, when a user who contracts with a specific provider connects to the Internet 1 via the network 2, a user who contracts with a service provider operating the network 3 connects to the Internet 1 via the network 2. It is assumed that a connection is made and that a user who has not made any contract requests a connection to the network 2.

The user operates the terminal 5 to operate the network 2
When a dial-up IP connection is attempted to the NAS 6, a line connection process (for example, a process for establishing a PPP connection) is performed between the user terminal 5 and the NAS 6 according to a predetermined procedure (step S1). If the line connection is successful, the user terminal 5 requests the NAS 6 for a connection service to the Internet 1 (step S2), and
6 requests the user terminal 5 to transmit user authentication data (in this case, an account code and a password) (step S3). In response, the user terminal 5 transmits the authentication data (step S4).

The NAS 6 that has received the authentication data passes it to the Radius server 7 and performs user authentication with the R.
A request is made to the adius server 7 (step S5). Ra
The dius server 7 performs a user authentication process based on the provided authentication data (step S6). At this time, if the account code of the user does not include the common code (“@ abcd.net”) given to the user by the service provider (operating entity of the network 3), R
The adius server 7 accesses a database server in the network 2 and authenticates whether the user requesting a connection is a legitimate user who has contracted with a provider that operates the network 2. If, on the other hand, the user's account code contains such a common code,
The authentication data is passed to the Radius server 10 of the network 3 via the Internet 1 to request user authentication (step S7). At this time, the authentication data is transferred by using an encryption procedure decided between the operators of the networks 2 and 3 so that the authentication data is not leaked from a node on the Internet 1 to a third party.

The Radius server 10 which has received the authentication data from the network 2 operates as the customer database server 1
5 to perform user authentication (step S8).
In this authentication, whether or not the user who has requested access is a user who has contracted with the service provider is confirmed based on whether or not a set of an account code and a password is registered in a database on the customer database server 15. . When the authentication is completed, the Radius server 10 notifies the Radius server 7 of the specific provider of the authentication result (whether or not the user has been confirmed) (step S9).
Then, the Radius server 7 can use the
The server 6 notifies the NAS 6 of the result of the authentication (step S10).

The NAS 6 that has received the authentication result uses Rad
If the user is confirmed in the ius server 7 or 10, the connection between the user terminal 5 and the Internet 1 is permitted (step S11). If the user cannot be confirmed in any of the Radius servers 7 and 10, the user terminal 5 is connected to the Internet. Refuse the connection with the server 1 (step S
12). When the connection is permitted, the usage status of the user until the connection is disconnected after that is displayed on the customer management server (not shown) connected to the provider network 2.
And the information corresponding to the usage status is recorded on the customer management server. This customer management server is for managing users who have contracted with the provider, and performs the same processing as the customer management server 14 of the service provider 3,
It functions as the first detecting means of the present invention. However, the connection position is appropriately changed according to the circumstances of the network 2 of the provider.

According to the above system, a user who wants to use the service of the network 3 only needs to sign a contract with the service provider and obtain an account code including the above-mentioned common code. The service on the network 3 can be used, and the user does not need to make a separate contract with the specific provider. Therefore, even a user who does not have knowledge of the Internet can easily use services on the network 3.

By the way, in the above system, the cost for the user who has contracted with the service provider to connect to the Internet 1 is generated on the provider side, and the cost for using the service on the network 3 is generated on the service provider side. I do. It is necessary for the provider and the service provider to collect the amount corresponding to the cost incurred from the user as the price of the service, but when the provider and the service provider individually charge the user for the use, the user becomes the user. I'm confused because I haven't signed up with a provider but only noticed the bill. Therefore, the provider notifies the service provider of the use result of the dial-up IP connection of the user who has contracted with the service provider, and the service provider adds a cost corresponding to the use result of the service on the network 3 to the service provider. It is desirable to collectively charge the user for the usage fee. FIG. 3 is a flowchart showing an example of a procedure for performing such processing.

FIG. 3 shows an example of processing when a disconnection reason occurs on the user terminal 5 side or on the provider side.
A process for disconnecting the connection to the Internet 1 is performed between the NAS and the NAS 6 (step S21). When the disconnection process is completed, the NAS 6 notifies the customer management server on the network 2 of the disconnection (Step S22). In response to this, the customer management server on the network 2 totals the usage time of the user (step S24), and transmits the totalization result as billing information to the customer management server 14 of the service provider (step S24). In response to this, the customer management server 14 updates data serving as a basis for requesting a usage fee for the user (step S25). The customer management server 14 sums up the usage charges of each user based on the data updated in this way, calculates the amount of money charged to each user periodically (for example, every month) based on the totalized result, and Output to an output destination (for example, a printer on which billing paper is set). In FIG. 3, every time the user terminates the connection to the Internet 1, the usage status is notified to the service provider every time, but the provider sends the user to the service provider at regular intervals (for example, every month). The usage status may be notified collectively. It should be noted that, as a matter of course, a substitute payment using a credit card company or the like may be used to charge the user for the usage fee. In this case, the usage fee of each user may be transmitted from the customer management server 14 to the payment computer of the card company.

In the above processing, the service provider:
While paying to the specific provider a fee (billing by the provider) in accordance with the usage record of the dial-up IP connection service notified by the specific provider, the charge by the provider and the usage record of the service provided by the provider are paid. The amount obtained by adding the charge is collected from the user as the usage fee (see FIG. 4A). in this case,
The specific provider only needs to be able to collect the price for the provision of the dial-up IP connection service from the service provider, and does not need to be aware of what kind of billing the service provider is making to the user. Therefore, the service provider can set a free charge system and charge the user for the usage fee without being bound by the charge system set for the contractor by the specific provider.

For example, when the user satisfies a predetermined condition, the service provider can reduce the charge for the user by discounting the charge of the service provider as shown in FIG. 4B. In this case, the predetermined condition may be that the user has paid a predetermined membership fee and has become a member of a network service operated by the service provider. If the service provider sells products or provides paid services (for example, various types of information) on the network 3, if the purchase price of the products or the usage fee of the service exceeds a predetermined amount, The discount condition may be satisfied. If the service provider provides a paid game on the network 3, the service provider issues points to the user according to the degree of achievement (or progress) of the game, and the points are accumulated to a certain value or more. The discount condition may be satisfied. The discount condition may be satisfied when the game usage time is equal to or longer than a predetermined value. Whether or not the predetermined condition has been satisfied may be determined, for example, when the customer management server 14 calculates the usage fee for each user, and when the condition is satisfied, the calculated amount of the usage fee may be operated.

Note that the degree of discount may be changed stepwise in accordance with the purchase price of the above-mentioned product, the points acquired in the game, and the like, and is set so that the charge of the service provider is finally free. May be. Further, as shown in FIG. 4C, the discount may be extended up to the charge of the provider.

According to the above system, the service provider does not need to provide facilities (such as the NAS 6) for providing a connection service to the Internet 1 in various places, so that the burden on the service provider for capital investment is extremely small. .
On the other hand, for the provider, the number of users who use their own dial-up IP connection increases due to the business of the service provider, so that business expenses for user acquisition can be reduced. Therefore, there is an advantage that the provider can provide a connection service to the Internet 1 at a lower price than the general one while securing a reasonable profit. Furthermore, if the service provider has contracted with a plurality of specific providers, the user has more options regarding the connection environment such as access points, charging forms, communication speeds, etc., and various users can access the Internet according to their preferences. You can use the connection service.

According to the present invention, user authentication information sent together with a request for connection to the Internet from a user terminal is transmitted to a network access server operated by a first business operator that provides a service for connecting to the Internet. Means for authenticating the user, notifying the authentication result to the network access server, and controlling whether the user terminal can connect to the Internet based on the notified user authentication result. A connection control method, wherein the second business entity includes a server for providing a predetermined service on the Internet, and the first detection means operated by the first business entity, Check the results of users connecting to the Internet via the network access server. Then, the second detecting means operated by the second business operator detects a record of the user using the service provided by the server of the second business operator, It may be configured as a connection control method for determining a usage charge to be charged to the user based on a detection result of the first and second detection means by the managed charging information generation means.

Alternatively, based on a network access server operated by a first business operator providing an Internet connection service, and user authentication information sent to the network access server from a user terminal together with a request for connection to the Internet. Authentication means for executing user authentication and notifying the network access server of the authentication result, wherein the network access server performs connection of the user terminal to the Internet based on the authentication result notified from the authentication means. A network connection control system for controlling permission / prohibition, wherein the server is provided for the second operator to provide a predetermined service on the Internet, the server is operated by the first operator, and the user accesses the network. Via the server A first detecting means for detecting a result of connecting to a network, and a second detecting means operated by the second company, wherein the user detects a result of using a service provided by a server of the second company. Detecting means, operated by the second business operator,
The present invention may be configured as a network connection control system including: a charging information generation unit configured to determine a usage fee charged to the user based on a detection result of the second detection unit.

The above-described embodiment is a method for collectively charging the usage fee for the connection service to the Internet and the usage fee for the network service provided via the Internet, wherein the usage status of the network service is a predetermined discount. A charging control method for discounting at least one of the connection service usage fee and the network service usage fee when a condition is satisfied, or a connection service usage fee for the Internet, and a network provided via the Internet. In a system including charging control means for collectively charging a service usage fee, the system includes means for determining whether or not the usage status of the network service satisfies a predetermined discount condition. When the discount conditions are met, And utilization rate of the serial connection service includes invention relates accounting control system discounting at least one of the usage charge for the network service. The network service includes various services that can be used from the user terminal through the Internet, for example, sale of goods, provision of paid services such as information distribution, game play, and the like. The predetermined discount condition can be determined based on the amount of use of a product or service, the degree of achievement of the game, the time of using the game, and the like, and the discount may be performed in a plurality of stages.

[0052]

As described above, according to the present invention, a user who has contracted with a second business operator can access the Internet using the Internet connection service provided by the first business operator. Can be realized, and what users are permitted to connect to the Internet can be freely determined between the first business operator and the second business operator. You only need to let the user use the appropriate user authentication information based on the content,
The user can connect to the Internet without being aware of the first business operator, and can provide a user-friendly service. When the second operator provides some service using a server on the Internet, the second operator does not need to prepare facilities for providing a connection service to the Internet, so that capital investment can be reduced. It is possible to concentrate on expanding services provided to users through the Internet. For the first business operator, the user acquired by the second business operator uses his / her own Internet connection service, so that the operating expenses for user acquisition can be reduced, and the price for the connection service is correspondingly reduced. Even if you lower the price, you can still make a profit.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of a characteristic portion of a network to which the present invention is applied.

FIG. 2 is a flowchart showing a procedure of user authentication performed in the system of FIG. 1;

FIG. 3 is a flowchart showing a procedure for exchanging charging information executed in the system of FIG. 1;

FIG. 4 is a diagram showing a breakdown of a usage fee charged by a service provider to a user.

[Explanation of symbols]

 1 Internet 2 Provider Network 3 Service Provider Network 4 Public Line Network 5 User Terminal 6 NAS (Network Access Server) 7,10 Radius Server (Authentication Server) 11 Lobby Server 12,13 WWW Server 14 Customer Management Server 15 Customer Database Server 16 Firewall

 ────────────────────────────────────────────────── ─── Continuing on the front page (72) Inventor Munenori Otsuki 2-3-12 Yaesu, Chuo-ku, Tokyo Onkyo Yaesu Building 4F Business Network Telecom Co., Ltd. F term (reference) 5B085 AC04 AE02 AE23 BG07 5K030 GA19 HA08 HB28 HC01 HD01 JT03 KA01 KA04 KA05 KA06 KA07 LA08 LB08

Claims (18)

[Claims] 1. A user authentication information sent together with a request for connection to the Internet from a user terminal to a network access server operated by a first business operator that provides a connection service to the Internet, from the network access server to the network access server. When the user authentication information satisfies a predetermined condition and is transferred to a first authentication server operated by the first business operator in association with a server, a second business operator different from the first business operator is used. The user authentication information is further transferred from the first authentication server to the operated second authentication server via the Internet, and the second authentication server is referred to by referring to a database associated with the second authentication server. Executing user authentication by the second authentication server and returning the user authentication result to the first authentication server. , The first authentication server is the second authentication server
A network connection control method, comprising: notifying an authentication result from the authentication server to the network access server; and controlling whether or not the user terminal can connect to the Internet based on the notified user authentication result. 2. The user authentication information includes an account code for specifying a user, and the first authentication server sends a request to the second authentication server when the account code includes a predetermined code. The connection control method according to claim 1, wherein the user authentication information is transmitted. 3. A server for providing a predetermined service on the Internet by the second operator,
The account code including the predetermined code is stored in the second
3. The connection control method according to claim 2, wherein the connection control method is set as an account code for using the predetermined service provided by the business operator on the Internet. 4. A lobby server that provides a place for a plurality of users to search for a negotiation partner through the Internet as a server for the second business entity to provide a predetermined service on the Internet. 2. The connection control method according to claim 1, wherein: 5. A server for providing a predetermined service on the Internet by the second operator,
The first detecting means operated by the first business operator detects the result of the user connecting to the Internet via the network access server, and the second detecting means operated by the second business operator. The detecting means detects the result of the user using the service provided by the server of the second business, and the charging information generating means operated by the second business performs the first and second services. 2. The connection control method according to claim 1, wherein a usage fee to be charged to the user is determined based on a detection result of the detection unit. 6. The method according to claim 5, wherein when a predetermined discount condition is satisfied, a use price actually charged to the user is discounted rather than a use price when it is assumed that the discount condition is not satisfied. Described connection control method. 7. The connection according to claim 6, wherein the predetermined discount condition is associated with use of the user for a service provided by the second business entity via the server. Control method. 8. The service provider executes sale of a product or provision of a paid service as a service via the server, and when a purchase price of the product or a use price of the service exceeds a predetermined amount, The connection control method according to claim 7, wherein it is determined that a predetermined discount condition is satisfied. 9. The service provider provides a paid game as a service via the server, issues points according to a play situation for the game to the user, and based on the points, the predetermined 8. The connection control method according to claim 7, wherein it is determined whether the discount condition is satisfied. 10. A network access server operated by a first business operator that provides a connection service to the Internet, and the first access service is associated with the network access server.
A first authentication server operated by a second business operator, and a second authentication server operated by a second business operator different from the first business operator and connected to the first authentication server via the Internet And transferring user authentication information sent together with a connection request from the user terminal to the Internet to the network access server from the network access server to the first authentication server, wherein the user authentication information is a predetermined one. When the condition is satisfied, the user authentication information is further transferred from the first authentication server to the second authentication server via the Internet, and the user authentication information is referred to a database associated with the second authentication server. Executing a user authentication by the second authentication server, returning the user authentication result to the first authentication server, An authentication server notifies the network access server of an authentication result from the second authentication server, and the network access server controls whether the user terminal can connect to the Internet based on the notified user authentication result. Network connection control system. 11. The user authentication information includes an account code for specifying a user, and the first
11. The network connection control system according to claim 10, wherein said authentication server sends said user authentication information to said second authentication server when said account code includes a predetermined code. 12. The server according to claim 2, wherein said second business operator has a server for providing a predetermined service on said Internet, and said account code including said predetermined code is transmitted by said second business operator on said Internet. 12. The network connection control system according to claim 11, wherein the account code is set as an account code for using the provided predetermined service. 13. A server for the second business operator to provide a predetermined service on the Internet,
The network connection control system according to claim 10, further comprising a lobby server that provides a place for searching for a negotiation partner through the Internet to a plurality of users. 14. A server for providing a predetermined service on the Internet by the second business operator, and operated by the first business operator, wherein the user accesses the Internet via the network access server. First detection means for detecting a connected result; and second detection for operating by the second operator and detecting the result of the user using a service provided by a server of the second operator. And charging information generating means which is operated by the second business operator and determines a usage charge to be charged to the user based on detection results of the first and second detecting means. The network connection control system according to claim 10, wherein 15. The method according to claim 15, wherein when the predetermined discount condition is satisfied, the billing information generating means discounts a use price actually charged to the user rather than a use price when the condition is not satisfied. The network connection control system according to claim 14, wherein 16. The network according to claim 15, wherein the predetermined discount condition is associated with use of the user for a service provided by the second business through the server. Connection control system. 17. The service provider executes sale of a product or provision of a paid service as a service via the server, and the billing information generating means determines whether a purchase price for the product or a usage fee for the service is predetermined. 17. The network connection control system according to claim 16, wherein it is determined that the predetermined discount condition is satisfied when the amount exceeds the amount. 18. The service provider provides a paid game as a service via the server, and issues points according to a play situation for the game to the user. 17. The network connection control system according to claim 16, wherein it is determined whether or not the predetermined discount condition is satisfied based on the points.